EP0781065A2 - Method for securing the use of a terminal of a cellular radio communication system, and corresponding terminal and user card - Google Patents

Method for securing the use of a terminal of a cellular radio communication system, and corresponding terminal and user card

Info

Publication number
EP0781065A2
EP0781065A2 EP96402746A EP96402746A EP0781065A2 EP 0781065 A2 EP0781065 A2 EP 0781065A2 EP 96402746 A EP96402746 A EP 96402746A EP 96402746 A EP96402746 A EP 96402746A EP 0781065 A2 EP0781065 A2 EP 0781065A2
Authority
EP
European Patent Office
Prior art keywords
terminal
user card
data
card
linked
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
EP96402746A
Other languages
English (en)
French (fr)
Other versions
EP0781065A3 (de)
EP0781065B1 (de)
Inventor
Francis Pinault
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alcatel Lucent SAS
Original Assignee
Alcatel Mobile Communication France SA
Alcatel Mobile Phones SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alcatel Mobile Communication France SA, Alcatel Mobile Phones SA
Publication of EP0781065A2
Publication of EP0781065A3
Application granted
Publication of EP0781065B1
Anticipated expiration
Status: Expired - Lifetime

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409 Device specific authentication in transaction processing
    • G06Q20/4097 Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H04W12/082 Access security using revocation of authorisation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/126 Anti-theft arrangements, e.g. protection against subscriber identity module [SIM] cloning
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/84 Vehicles
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02 Terminal devices

Definitions

  • the field of the invention is that of cellular radio communication systems with terminals (also called mobile stations).
  • terminals: also called mobile stations.
  • GSM: Global System for Mobile communications
  • the GSM standard is known in particular in Europe ("Special group Mobile Public Radiocommunication Systems Operating in the 900 MHz Band").
  • the invention relates to a method for securing the use of a terminal of a cellular radio communication system.
  • the method of the invention can in particular, but not exclusively, be implemented in a GSM system.
  • a cellular radiocommunication system is implemented within a network of geographic cells traversed by mobile stations (or terminals).
  • a base station is associated with each cell, and a mobile station communicates through the base station associated with the cell in which it is located.
  • By mobile station or terminal (the two terms being used interchangeably in the present description) is meant the physical equipment used by the network user to access the telecommunication services offered. There are different types of terminals, such as mobiles mounted on vehicles or portable terminals.
  • when a terminal is used by a user, the latter must connect a user card which he holds, so that the card provides the terminal with his subscriber number.
  • the user card that the user must connect to the terminal is a removable memory card, called a subscriber identification module (SIM, for Subscriber Identity Module), which provides the terminal with its international subscriber number (IMSI, for International Mobile Subscriber Identity).
  • SIM: subscriber identification module
  • IMSI: international subscriber number
  • each terminal can therefore be used, in the general case, with any user card.
  • an authentication mechanism is defined. Indeed, it is necessary to prevent a fraudster who merely knows the identity of a subscriber (or IMSI) from passing himself off to the network as this subscriber.
  • the user card also contains an individual authentication key and an authentication algorithm. Thus, after the subscriber has identified himself, the network can check his identity and interrupt the procedure if the authentication is not successful.
  • the subscriber can report the loss or theft of his user card to the operator or network manager. In this way, any attempt by a third party to use this user card can be detected and prohibited at the system level.
  • a personal identity number (or PIN in English, for Personal Identity Number) is stored on the user card.
  • this PIN code is requested from the subscriber, who enters it on the keyboard of his terminal, each time the card is inserted into the terminal or each time the terminal is put into service.
  • a potential fraudster can only use a lost or stolen user card if he gets to know the PIN code associated with this user card.
  • each terminal of a cellular radiocommunication system is a very expensive device, whether this cost is borne by the subscriber or by the operator. There is therefore an obvious interest in trying to secure its use, especially in the event of loss or theft.
  • securing the use of a terminal consists in proposing, in addition to the normal operating mode, a so-called locked mode, in which the terminal can only be used with the user card, known as the linked user card, with which it was locked.
  • a link is created between the terminal and a particular user card (called linked user card).
  • the terminal reads user identification data stored on the user card, then stores it in its memory.
  • the terminal reads the user identification data stored on the user card with which it cooperates, then compares them with those stored in its memory during the link creation phase, and finally authorizes or not its operation depending on whether the data read and those stored are identical or not.
  • the terminal can only be used with it. Indeed, as already explained above, the subscriber can declare to his operator the loss or theft of his user card, so that the use of it is prohibited at the system level. Theft of the terminal is therefore also of no interest in this case.
  • the link terminal / user card is based on the storage in the memory of the terminal of the user identification data (read by the terminal on the user card, during the link creation phase).
  • it is always possible for a fraudster to directly modify the content of the terminal memory in order to modify the existing locking link. In this case, he replaces, in the memory of the terminal, the identification data of the linked user card with the identification data of another user card. In this way, although it is in locked mode, the terminal operates (fraudulently) since it sees the other user card as the card with which it is linked.
  • this known technique is generally combined with the protection consisting in asking the subscriber to enter his PIN code each time his user card is inserted into the terminal or each time it is put into service.
  • this operation of re-entering the PIN code can become tedious if it is repeated many times during the same day. For this reason, some subscribers leave their terminal on so that they do not have to enter the PIN code several times. Therefore, even if the locked mode is selected, the theft of the terminal, while it is turned on and cooperating with its linked user card, allows a fraudster to access network services until use is banned at the system level, after the subscriber has declared the loss or theft of his user card. It should be recalled here that, for the use of stolen terminals, there is no means of prohibition at the system level equivalent to that existing for stolen user cards.
  • the invention particularly aims to overcome these drawbacks of the state of the art.
  • one of the objectives of the present invention is to provide a method for securing the use of a terminal of a cellular radiocommunication system, this method making it possible to completely eliminate all the risks of fraudulent use of the terminal.
  • An additional objective of the invention is to provide such a method making it possible to avoid the user having to re-enter their PIN code each time their user card is inserted into the terminal or each time it is put into service.
  • the invention also aims to provide such a method which not only offers the advantages offered by the known method described in patent EP 301,740 above, but also other advantages which cannot be offered by this known process.
  • an object of the invention is to provide such a method which, like the known method, allows operation in locked mode, in which the use of the terminal is only possible with a particular user card.
  • Yet another objective of the invention is to provide such a method which makes it possible, when the known method cannot, to leave a terminal in operation with its user card linked inside, while preventing fraudulent use of this terminal.
  • An additional objective of the invention is to provide such a method which allows, locally or remotely, the blocking (total prohibition of operation) or the unblocking (authorization of operation in locked mode) of a terminal.
  • Another objective of the invention is to provide such a method which allows a subscriber having several terminals for the same subscription to have at least one terminal permanently available which makes it possible to perform different "passive reception" functions (operation of the answering machine type), such as storing received calls.
  • the general principle of the invention consists in establishing a link between a terminal and a user card by storing locking data on this user card (called linked user card).
  • This principle differs fundamentally from that proposed in the aforementioned patent EP 301 740. Indeed, the known principle, if it also consists in establishing a link between the terminal and a user card, is based on the storage of locking data in the terminal (and not on the linked user card).
  • the method of the invention allows operation in locked mode, in which the use of the terminal is only possible with the linked user card.
  • the terminal / user card link is dependent on the one hand on the first data stored on the linked user card and on the other hand on a calculation function specific to the terminal.
  • a fraudster cannot in any case know this calculation function, which is not readable.
  • unless the linked user card has been stolen with the terminal, the fraudster also does not know the first data stored. Consequently, he cannot transform a user card in his possession so that it is seen by the terminal as the user card with which the terminal is linked.
  • the method of the invention offers an operation in locked mode which is secure enough not to require the user to enter his PIN code each time his user card is inserted into the terminal or each time the terminal is put into service.
  • the authentication phase can also, advantageously, be repeated according to a predetermined strategy, that is to say for example at predetermined time intervals (regular or not).
  • said terminal-specific calculation function is an encryption function according to a predetermined algorithm, and said first and second locking data are data encrypted with said encryption function.
  • the step of storing the first locking data in a memory area of the linked user card is carried out during a prior personalization of said linked user card.
  • This prior personalization is for example carried out during the manufacture of the user card, during the commissioning of the user card (by the manufacturer, operator, or distributor), or even during the composition of a personalized assembly including the terminal and its user card.
  • the user card is personalized at the factory or by a distributor.
  • With regard to its operation in the locked mode, the user card is therefore linked, as soon as it is personalized, to a particular terminal, namely the one whose own calculation function makes it possible, from intermediate data, to calculate second locking data identical to the first locking data stored on the linked user card. In other words, the user card can only be locked with this particular terminal.
  • the step of storing the first locking data in a memory area of the linked user card is performed during each transition from normal mode to locked mode, new first data to be stored being calculated in the terminal, from said calculation function specific to said terminal and from said intermediate data.
  • the user card is not previously linked to a terminal and can therefore be locked with any terminal. Indeed, it is only when we pass from normal mode to locked mode that the link is created with the terminal (which is therefore the one with which the user card cooperates).
  • the content of the memory area of the previously linked user card in which the first locking data is stored is at least partially modified, so as to remove the authentication link between the terminal and the previously linked user card.
  • in said locked mode, the terminal can be used with at least one other user card, called another linked user card, during a multi-user session starting after a multi-user code has been transmitted to the terminal, and ending either when said other linked user card no longer cooperates with the terminal, or when the terminal is stopped and then restarted.
  • another linked user card: at least one other user card
  • the terminal operates in the locked mode with one or the other of two linked user cards.
  • the multi-user session allowing the use of a second linked user card ends, we return to the link between the terminal and the first linked user card.
  • the linked user card with which the terminal cooperates can therefore be replaced by another user card, without this requiring passage through normal mode. Consequently, securing the use of the terminal remains total, even if there are two - and no longer just one - linked user cards.
  • said intermediate data are stored in a memory area of the terminal.
  • said intermediate data are stored in a memory area of the user card with which the terminal cooperates.
  • said intermediate data are stored, for a part, in a memory area of the terminal and, for the other part, in a memory area of the user card with which the terminal cooperates.
  • the passage by the terminal from normal mode to locked mode requires the transmission to the terminal of a predetermined locking / unlocking code
  • the passage by the terminal from locked mode to normal mode requires the transmission to said terminal of said locking / unlocking code
  • said locking / unlocking code is entered by a user of the terminal on a keyboard connected to the terminal.
  • when it is in locked mode, the terminal can be made unusable (complete blocking preventing fraudulent use) without being switched off. In this "on but blocked" state, the terminal can perform various "passive reception" functions (answering machine type operation), such as storing received calls.
  • said blocking step is carried out when a blocking command is transmitted to the terminal, and said unblocking step is carried out when an unblocking command is transmitted to the terminal.
  • the method of the invention allows, locally or remotely, blocking (total prohibition of operation) or unblocking (authorization of operation in locked mode) of the terminal.
  • said blocking and unblocking commands are only taken into account by the terminal if they are accompanied by a predetermined blocking / unblocking code.
  • said blocking and unblocking commands are transmitted to the terminal via a Short Message Service.
  • said blocking and unblocking commands are transmitted to the terminal via a Data Transmission Service.
  • said blocking and unblocking commands are transmitted to said terminal, called the first terminal, from another terminal, called the second terminal, and the user card with which said second terminal cooperates and the user card with which said first terminal cooperates correspond to the same subscription.
  • the method of the invention allows a subscriber having several terminals for the same subscription to have permanently at least one terminal enabling operation of the answering machine type (for example in order to store received calls).
  • the invention also relates to a terminal and a user card allowing the implementation of the method as presented above.
  • the user card of the invention includes a memory area intended to receive first locking data.
  • the invention therefore relates to a method for securing the use of a terminal of a cellular radio communication system.
  • This terminal is of the type intended to cooperate with a user card and being able to operate according to at least two distinct operating modes, namely a normal mode, in which it can be used with any user card, and a locked mode, in which it can only be used with the user card, known as the linked user card, with which it has been locked.
  • the link creation phase consists, according to the invention, in storing in a memory area of the linked user card first locking data. As explained in more detail in the following description, this creation phase can be carried out either during the manufacture of the user card, or during each transition from normal mode to locked mode.
  • This authentication phase 10 is for example carried out during each start-up of the terminal and during each change of user card cooperating with the terminal. It can also be carried out repeatedly, according to a predetermined strategy (for example at regular time intervals during operation in locked mode).
  • the terminal-specific calculation function A is for example an encryption function according to a predetermined algorithm, so that the first D1 and second D2 locking data are data encrypted with this encryption function A.
  • Each of the three pairs of figures (2A, 2B), (3A, 3B) and (4A, 4B) presents an implementation technique distinct from the authentication phase 10 of FIG. 1.
  • the first figure of each pair (FIGS. 2A, 3A and 4A) schematically presents the distribution between the terminal T and the user card CU of the elements allowing the implementation of the method of the invention.
  • These elements are in particular the first locking data D1, the calculation function A specific to the terminal, a comparison function C and the intermediate data DI. Due to the very principle of the invention, the first locking data D1 is always stored on the linked user card CU. Furthermore, by definition, the terminal-specific calculation function A as well as the comparison function C are stored on the terminal T.
  • the intermediate data DI can be stored on the terminal (cf. fig. 2A and 2B), on the user card CU (cf. fig. 3A and 3B), or even distributed between the terminal T and the user card CU (see fig. 4A and 4B).
  • the second figure of each pair (FIGS. 2B, 3B and 4B) shows diagrammatically the course of the authentication phase of the user card CU by the terminal T.
  • the intermediate data DI is stored in a memory area of the terminal T.
  • the progress of the authentication phase of the link is as follows (see fig. 2B): the terminal reads on the user card the first locking data D1 and compares them (C) to second locking data D2 which it has calculated from the calculation function A and the intermediate data DI which it stores. The result R of this comparison makes it possible to authorize or not the use of the terminal T.
  • the intermediate data DI is stored in a memory area of the user card CU with which the terminal T cooperates.
  • the progress of the authentication phase of the link is identical to that of the first technique except that the terminal T reads the intermediate data DI on the user card CU.
  • the intermediate data DI is stored, for a part DI', in a memory area of the terminal T and, for the other part DI'', in a memory area of the user card CU with which the terminal cooperates.
  • the course of the authentication phase of the link (cf. FIG. 4B) is identical to that of the first technique except that the terminal T combines, with a combination function f_c, the intermediate data DI' stored on the terminal and the intermediate data DI'' stored on the user card, and uses the result DI_r of this combination to calculate, with the calculation function A, the second locking data D2.
  • the authentication phase 10 is preferably implemented with the first or third technique mentioned above. Thanks to the intermediate data DI, DI', which are stored in a memory area of the terminal but are distinct from one terminal to another, this avoids identical first locking data being stored in the user cards linked with different terminals that have the same encryption function.
  • the intermediate data DI, DI', DI'' are for example stored during the manufacture of the equipment (terminal or user card as the case may be) which stores them.
  • FIG. 5 presents a simplified flowchart of a first embodiment of the method according to the invention.
  • Step 51 of creating the terminal / user card link, that is to say the step during which the first locking data D1 is stored in a memory area of the linked user card, is carried out definitively during personalization of the linked user card (for example during its production).
  • the link authentication phase 10 is carried out as often as necessary. Finally, it is possible to switch from normal mode to locked mode and vice versa.
  • FIG. 6 presents a simplified flowchart of a second embodiment of the method according to the invention.
  • the phase 61 of creation of the link is carried out during each transition from normal mode to locked mode.
  • a step 62, carried out during each transition from locked mode to normal mode, of removing the previous terminal / linked user card link. To do this, the content of the memory area of the previously linked user card in which the first locking data is stored is at least partially modified.
  • the terminal can be used with at least one second linked user card, during a multi-user session.
  • This session begins with the supply to the terminal of a multi-user code and ends either when the second linked user card no longer cooperates with the terminal, or when the terminal is stopped and then restarted.
  • it is possible to impose (steps referenced 63 and 64) the provision of a predetermined locking / unlocking code for the passage by the terminal from the normal mode to the locked mode, as well as for the reverse passage.
  • This locking / unlocking code is for example entered by the subscriber on a keyboard connected to his terminal (or integrated into it).
  • the method can also include, in locked mode, a step 65 of blocking the terminal and a step 66 of unblocking the terminal.
  • FIG. 8 presents in more detail this blocking phase of the terminal, which notably comprises a step 83 of modification, at least partial, of the content of the memory area of the linked user card in which the first locking data D1 are stored.
  • This makes the terminal unusable even if the user card with which it cooperates is the linked user card. It is important to note that in this blocked state, the terminal remains on and can therefore fulfill functions of the answering machine type (for example, memorizing, during a call, the number of the caller and / or a message left by the caller).
  • the completion of the blocking step 65 can be conditioned by the following double condition: (81) a blocking command must be transmitted to the terminal, (82) this blocking command must be accompanied by a predetermined blocking / unblocking code.
  • FIG. 9 presents in more detail the unblocking phase of the terminal, which notably comprises a step 93 of rewriting the first locking data D1 in the memory area of the linked user card. This makes it possible to make the terminal usable again, on the condition of course that the user card with which it cooperates is the linked user card.
  • the completion of the unblocking step 66 may be conditioned by the following double condition: (91) an unblocking command must be transmitted to the terminal, (92) this unblocking command must be accompanied by a predetermined blocking / unblocking code.
  • the blocking and unblocking commands are for example transmitted to the terminal (called the first terminal T1) from another terminal (called the second terminal T2), via (101) either a Short Message Service or a Data Transmission Service.
  • These two services are implemented according to techniques described in the GSM recommendations series 2, 3, 4 and 7.
  • the network must include, at the system level, means for routing such blocking and unblocking commands.
  • a user who has two separate user cards C1, C2 for the same subscription can permanently have at least one terminal which can perform different "passive reception" functions (answering machine type).
  • the first terminal T1 is a mobile terminal mounted on a vehicle and the second terminal T2 is a portable terminal.
  • his mobile terminal can behave like an answering machine, while being blocked (that is to say unusable) since the user card no longer contains the correct first locking data D1.
  • the invention also relates to a terminal and a user card allowing the implementation of the method as presented above.
  • FIG. 11 presents a simplified diagram of an embodiment of this terminal and of this user card.
  • These securing means 111 are used, in the locked mode, during the authentication phase 10 by the terminal T of the user card CU with which it cooperates (see fig. 1).
  • the intermediate data DI is stored in a memory area 114 of the terminal.
  • the technique for implementing authentication phase 10 is then the first described above, in relation to FIGS. 2A and 2B.
  • the invention is not limited to this particular embodiment but also relates to the case where the intermediate data are stored in a memory area of the user card, or even to the case where the intermediate data are distributed between the terminal and the user card.
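
The authentication phase 10, the three placements of the intermediate data DI, and the blocking / unblocking steps 65 and 66 described above are modelled below. This is an added example, not code from the patent: HMAC-SHA256 standing in for the calculation function A, the length-prefixed concatenation used as f_c, and all keys, codes and DI values are assumptions constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass


def f_c(di_prime: bytes, di_second: bytes) -> bytes:
    """Combination function f_c (assumed here: length-prefixed concatenation)."""
    return len(di_prime).to_bytes(2, "big") + di_prime + di_second


@dataclass
class UserCard:
    d1: bytes = b""       # memory area for the first locking data D1
    di_card: bytes = b""  # DI (second technique) or DI'' (third technique)


@dataclass
class Terminal:
    key_a: bytes              # secret behind calculation function A, not readable
    di_terminal: bytes = b""  # DI (first technique) or DI' (third technique)
    code: str = "4711"        # constructed blocking / unblocking code
    locked: bool = True       # locked mode (True) or normal mode (False)

    def _a(self, di: bytes) -> bytes:
        # Calculation function A; HMAC-SHA256 is an assumption of this sketch.
        return hmac.new(self.key_a, di, hashlib.sha256).digest()

    def _d2(self, card: UserCard) -> bytes:
        if self.di_terminal and card.di_card:   # third technique: DI_r = f_c(DI', DI'')
            di = f_c(self.di_terminal, card.di_card)
        else:                                   # first or second technique
            di = self.di_terminal or card.di_card
        return self._a(di)

    def create_link(self, card: UserCard) -> None:
        """Link creation (step 51 or phase 61): store D1 on the card."""
        card.d1 = self._d2(card)

    def authenticate(self, card: UserCard) -> bool:
        """Authentication phase 10: result R of comparing D1 (read) with D2 (computed)."""
        if not self.locked:
            return True                         # normal mode accepts any card
        return hmac.compare_digest(card.d1, self._d2(card))

    def _code_ok(self, code: str) -> bool:
        return hmac.compare_digest(code.encode(), self.code.encode())

    def block(self, card: UserCard, code: str) -> bool:
        """Step 65: with a valid code, modify D1 on the card (step 83)."""
        if not self._code_ok(code) or not card.d1:
            return False
        card.d1 = bytes(len(card.d1))           # overwrite; a partial change would also do
        return True

    def unblock(self, card: UserCard, code: str) -> bool:
        """Step 66: with a valid code, rewrite D1 on the linked card (step 93)."""
        if not self._code_ok(code):
            return False
        card.d1 = self._d2(card)
        return True


def run_scenarios() -> dict:
    key = b"constructed-secret-for-A"           # constructed sample value
    t1 = Terminal(key, di_terminal=b"DI-of-terminal-1")
    t2 = Terminal(key, di_terminal=b"DI-of-terminal-2")  # same A, different DI
    c1, c2, blank = UserCard(), UserCard(), UserCard()
    t1.create_link(c1)
    t2.create_link(c2)
    r = {
        "linked_ok": t1.authenticate(c1),
        "other_card_rejected": not t1.authenticate(c2) and not t1.authenticate(blank),
        "d1_differs": c1.d1 != c2.d1,
    }
    r["wrong_code_ignored"] = not t1.block(c1, "0000") and t1.authenticate(c1)
    t1.block(c1, "4711")
    r["blocked"] = not t1.authenticate(c1)
    t1.unblock(c1, "4711")
    r["unblocked"] = t1.authenticate(c1)
    # Third technique: DI' on the terminal, DI'' on the card.
    t3, c3 = Terminal(key, di_terminal=b"DI-prime"), UserCard(di_card=b"DI-second")
    t3.create_link(c3)
    r["split_ok"] = t3.authenticate(c3)
    c3.di_card = b"changed"
    r["split_change_rejected"] = not t3.authenticate(c3)
    # Second technique: DI only on the card, two terminals sharing the same A.
    ta, tb, c4 = Terminal(key), Terminal(key), UserCard(di_card=b"DI-on-card")
    ta.create_link(c4)
    r["technique2_sibling_accepts"] = tb.authenticate(c4)
    return r


if __name__ == "__main__":
    print(run_scenarios())
```

The last scenario shows the design reason behind the stated preference for the first or third technique: when DI lives only on the card and two terminals share the same function A, the link no longer singles out one terminal.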
EP96402746A 1995-12-21 1996-12-16 Verfahren zur sicheren Benutzung eines Endgerätes eines zellularen Funkübertragungssystems sowie zugehöriges Endgerät Expired - Lifetime EP0781065B1 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR9515283A FR2742959B1 (fr) 1995-12-21 1995-12-21 Procede de securisation de l'utilisation d'un terminal d'un systeme de radiocommunication cellulaire, terminal et carte utilisateur correspondants
FR9515283 1995-12-21

Publications (3)

Publication Number Publication Date
EP0781065A2 true EP0781065A2 (de) 1997-06-25
EP0781065A3 EP0781065A3 (de) 1999-03-17
EP0781065B1 EP0781065B1 (de) 2003-11-19

Family

ID=9485809

Family Applications (1)

Application Number Title Priority Date Filing Date
EP96402746A Expired - Lifetime EP0781065B1 (de) 1995-12-21 1996-12-16 Verfahren zur sicheren Benutzung eines Endgerätes eines zellularen Funkübertragungssystems sowie zugehöriges Endgerät

Country Status (8)

Country Link
US (1) US5913175A (de)
EP (1) EP0781065B1 (de)
JP (1) JP3105806B2 (de)
AT (1) ATE254824T1 (de)
AU (1) AU716887B2 (de)
CA (1) CA2193712A1 (de)
DE (1) DE69630769T2 (de)
FR (1) FR2742959B1 (de)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999004587A1 (en) * 1997-07-18 1999-01-28 Orange Personal Communications Services Limited Subscriber system with user station with removable data store
GB2329498A (en) * 1997-09-19 1999-03-24 Motorola Ltd Data carrier and method for controlling activation of a security feature
FR2776453A1 (fr) * 1998-03-20 1999-09-24 Gemplus Card Int Procede de gestion securisee d'un compteur d'unites et module de securite mettant en oeuvre le procede

Families Citing this family (39)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1997011548A2 (de) * 1995-09-21 1997-03-27 Siemens Aktiengesellschaft Verfahren für ein sicheres interface zwischen telefon mit karte und dem netz in einem fernsprechsystem
JPH09322239A (ja) * 1996-05-31 1997-12-12 Nippon Shinpan Kk 携帯電話等の移動体通信機の不正使用防止方法および該方法を実現する不正使用防止システム
JP3056080B2 (ja) * 1996-07-31 2000-06-26 埼玉日本電気株式会社 携帯電話機
WO1998034198A1 (fr) * 1997-01-31 1998-08-06 Toyota Jidosha Kabushiki Kaisha Equipement de communication destine a etre embarque sur un vehicule et equipement de communication entre routes
EP0936790B1 (de) * 1997-02-14 2006-08-23 Ntt Mobile Communications Network Inc. Verfahren zur gesteuerten aktivierung von mobilstationen und mobilstation die dieses verfahren verwendet
FR2763773B1 (fr) * 1997-05-20 1999-08-06 Gemplus Card Int Deblocage a distance d'acces a un service de telecommunication
US6119020A (en) * 1997-12-16 2000-09-12 Motorola, Inc. Multiple user SIM card secured subscriber unit
JP2000003336A (ja) 1998-06-16 2000-01-07 Nec Corp 携帯型データ通信端末装置におけるユーザ認証方法及びユーザ認証システム
GB2339114B (en) * 1998-06-30 2003-03-05 Ericsson Telefon Ab L M Secure messaging in mobile telephones
KR100300629B1 (ko) 1998-11-07 2001-09-07 윤종용 코드분할다중접속방식 서비스지역에서 심카드를 사용하기 위한시스템 및 방법
US6216015B1 (en) * 1999-02-04 2001-04-10 Motorola, Inc. Wireless subscriber unit and method for managing smart card data
FR2791846B1 (fr) * 1999-04-01 2001-06-01 Sfr Sa Terminal telephonique, support de donnees amovible pourvu(s) de moyens permettant la suppression de fonctionnalites communes et procede de gestion des menus de fonctionnalites correspondant
FR2794595B1 (fr) * 1999-06-03 2002-03-15 Gemplus Card Int Pre-controle d'un programme dans une carte a puce additionnelle d'un terminal
FR2795582B1 (fr) * 1999-06-28 2001-09-21 Cit Alcatel Dispositif et procede de controle d'acces a au moins une prestation disponible a partir d'un terminal de telecommunications relie a un reseau de telecommunications
SE515327C2 (sv) 1999-08-27 2001-07-16 Ericsson Telefon Ab L M Anordning för att utföra säkra transaktioner i en kommunikationsanordning
JP3791582B2 (ja) * 1999-09-17 2006-06-28 株式会社トータルシステムエンジニアリング チェーンストア業物流合理化システム
EP1107627A1 (de) * 1999-12-03 2001-06-13 Siemens Aktiengesellschaft Methode für das Schützen der Benutzerdaten gespeichert im Speicher einer Mobilkommunikationengeräte, besonders ein Mobiltelefon
EP1113683A1 (de) * 1999-12-21 2001-07-04 Koninklijke Philips Electronics N.V. Schutz von Funktelefoniegerät gegen Diebstahl
FR2804824A1 (fr) * 2000-02-08 2001-08-10 Koninkl Philips Electronics Nv Controle de l'interface homme machine d'un equipement de telecommunications
US7124439B1 (en) * 2000-03-15 2006-10-17 Nokia Mobile Phones, Ltd. Secure user action request indicator
FR2809907B1 (fr) * 2000-05-30 2002-08-30 Cit Alcatel Procede et dispositif de verrouillage d'une operation mettant en oeuvre deux identifiants
JP2002073424A (ja) * 2000-08-31 2002-03-12 Mitsubishi Electric Corp 半導体装置、端末装置および通信方法
FI111597B (fi) * 2000-12-21 2003-08-15 Nokia Corp Päätelaitteen älykortti, älykorttia käyttävä päätelaite ja parannettu menetelmä käyttäjän tunnistamiseksi älykorttia käyttämällä
FI112904B (fi) * 2001-06-29 2004-01-30 Nokia Corp Menetelmä suojata elektroninen laite ja elektroninen laite
US20030181219A1 (en) * 2002-03-19 2003-09-25 June-Kewi Huang Method of indicating unauthorized use of a mobile terminal
FR2842059B1 (fr) * 2002-07-04 2004-12-24 Cit Alcatel Procede de verouillage d'un terminal mobile de telecommunication
FR2843520B1 (fr) * 2002-08-12 2005-01-07 Sagem Procede d'utilisation d'un telephone mobile
WO2004089010A1 (en) * 2003-03-28 2004-10-14 Wildseed, Ltd. A wireless mobile phone with authenticated mode of operation including photo based authentication
WO2004089011A1 (en) * 2003-03-28 2004-10-14 Wildseed, Ltd. A wireless mobile phone with authenticated mode of operation including finger print based authentication
KR20050015818A (ko) * 2003-08-07 2005-02-21 삼성전자주식회사 비보안 사용이 가능한 네트워크 장치 및 그 방법
DE60307482T2 (de) * 2003-11-26 2007-03-29 France Telecom Authentifizierung zwischen einem zellularen Mobilendgerät und einem kurzreichweitigen Zugangspunkt
TWI271992B (en) * 2004-07-28 2007-01-21 Mediatek Inc Mobile communication apparatus having anti-theft and auto-notification functions and method of operating the same
KR100641220B1 (ko) * 2004-11-27 2006-11-02 엘지전자 주식회사 휴대 단말기의 초기화 방법
KR100808986B1 (ko) * 2006-11-09 2008-03-04 삼성전자주식회사 이동통신단말기의 콘텐츠 파일 실행방법 및 장치
JP5056068B2 (ja) * 2007-02-27 2012-10-24 日本電気株式会社 携帯端末装置、icカード認証制御方法及びプログラム
EP2028601B1 (de) * 2007-08-07 2014-10-01 Alcatel Lucent Realisierung von Richtlinien für eine sichere Mobilgeräteumgebung auf der Basis geplanter Einmalaktualisierungscodes
US8789136B2 (en) * 2008-09-02 2014-07-22 Avaya Inc. Securing a device based on atypical user behavior
EP2291015A1 (de) * 2009-08-31 2011-03-02 Gemalto SA Verfahren zum Übertragen von Daten zwischen einem sicheren Element und einem Netzzugangspunkt und entsprechendes sicheres Element
CN102137388B (zh) * 2011-03-10 2015-01-21 惠州Tcl移动通信有限公司 一种手机及其数据处理方法

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0301740A2 (de) 1987-07-29 1989-02-01 Nokia Mobile Phones Ltd. Verfahren zum Verriegeln eines tragbaren Funktelefons auf einer Benutzerkarte

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4736419A (en) * 1984-12-24 1988-04-05 American Telephone And Telegraph Company, At&T Bell Laboratories Electronic lock system
US5761624A (en) * 1991-10-11 1998-06-02 Integrated Technologies Of America, Inc. Method and apparatus for controlling and recording cellular phone transactions using an integrated circuit card
SE470519B (sv) * 1992-11-09 1994-06-27 Ericsson Telefon Ab L M Anordning för tillhandahållande av tjänster såsom telefonkommunikation datakommunikation, etc omfattande en terminalenhet och en accessenhet
DE4242151C1 (de) * 1992-12-14 1994-03-24 Detecon Gmbh Verfahren zur Sicherung eines Mobilfunkgerätes gegen unerlaubte Benutzung
US5390252A (en) * 1992-12-28 1995-02-14 Nippon Telegraph And Telephone Corporation Authentication method and communication terminal and communication processing unit using the method
US5450479A (en) * 1992-12-30 1995-09-12 At&T Corp. Method and apparatus for facilitating the making of card calls
US5444764A (en) * 1993-07-01 1995-08-22 Motorola, Inc. Method of providing a subscription lock to a radiotelephone system
FR2718312B1 (fr) * 1994-03-29 1996-06-07 Rola Nevoux Procédé d'authentification combinée d'un terminal de télécommunication et d'un module d'utilisateur.
CN1071083C (zh) * 1994-04-07 2001-09-12 诺基亚电信公司 无线移动终端的可拆卸式用户识别卡和通话控制方法
US5604787A (en) * 1994-10-07 1997-02-18 Motorola, Inc. Method and apparatus for transferring information to a device in a communication system
US5742910A (en) * 1995-05-23 1998-04-21 Mci Corporation Teleadministration of subscriber ID modules
US5617470A (en) * 1995-06-02 1997-04-01 Depasquale; George B. Apparatus and method for preventing unauthorized access to a system
US5600708A (en) * 1995-08-04 1997-02-04 Nokia Mobile Phones Limited Over the air locking of user identity modules for mobile telephones

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999004587A1 (en) * 1997-07-18 1999-01-28 Orange Personal Communications Services Limited Subscriber system with user station with removable data store
GB2329498A (en) * 1997-09-19 1999-03-24 Motorola Ltd Data carrier and method for controlling activation of a security feature
FR2776453A1 (fr) * 1998-03-20 1999-09-24 Gemplus Card Int Procede de gestion securisee d'un compteur d'unites et module de securite mettant en oeuvre le procede
WO1999049646A1 (fr) * 1998-03-20 1999-09-30 Gemplus Procede de gestion securisee d'un compteur d'unites et module de securite mettant en oeuvre le procede

Also Published As

Publication number Publication date
DE69630769D1 (de) 2003-12-24
AU7414796A (en) 1997-06-26
ATE254824T1 (de) 2003-12-15
FR2742959A1 (fr) 1997-06-27
US5913175A (en) 1999-06-15
CA2193712A1 (fr) 1997-06-22
JP3105806B2 (ja) 2000-11-06
DE69630769T2 (de) 2004-09-30
EP0781065A3 (de) 1999-03-17
AU716887B2 (en) 2000-03-09
EP0781065B1 (de) 2003-11-19
JPH09187081A (ja) 1997-07-15
FR2742959B1 (fr) 1998-01-16

Similar Documents

Publication Publication Date Title
EP0781065B1 (de) Verfahren zur sicheren Benutzung eines Endgerätes eines zellularen Funkübertragungssystems sowie zugehöriges Endgerät
EP1379093B1 (de) Sicherungsverfahren für ein mobiles Kommunikationsendgerät
EP0973318A1 (de) Verfahren zum Fernbezahlen mittels eines mobilen Funktelefons, die Erwerbung eines Gutes und/oder eines Dienstes und entsprechendes System und mobiles Funktelefon
FR2748834A1 (fr) Systeme de communication permettant une gestion securisee et independante d'une pluralite d'applications par chaque carte utilisateur, carte utilisateur et procede de gestion correspondants
FR2842059A1 (fr) Procede de verouillage d'un terminal mobile de telecommunication
WO2007119032A1 (fr) Procede de securisation de l'acces a un module de communication de proximite dans un terminal mobile
CA2259287A1 (fr) Message court ameliore et procede de synchronisation et de securisation d'un echange de messages courts ameliores dans un systeme de radiocommunication cellulaire
EP0480833A1 (de) Funktelefonanlage mit gesichertem Münzfernsprechdienst
FR2763773A1 (fr) Deblocage a distance d'acces a un service de telecommunication
WO2000051386A1 (fr) Authentification dans un reseau de radiotelephonie
EP1336287B1 (de) Anrufen von einem funkfernsprechendgerät
WO1997030424A1 (fr) Procede pour faire autoriser par un serveur l'acces a un service a partir de dispositifs portatifs a microcircuits electroniques du type carte a memoire par exemple
US20070142086A1 (en) Method of securing a mobile telephone identifier and corresponding mobile telephone
CA2377425A1 (fr) Procede et systeme d'acces securise a un serveur informatique
WO2000042731A1 (fr) Procede de chargement securise de donnees entre des modules de securite
EP2171910A1 (de) Verfahren zur eingebetteten erzeugung einer kennung und eines assoziierten schlüssels in ein kommunizierendes tragbares objekt
FR2852777A1 (fr) Procede de protection d'un terminal de telecommunication de type telephone mobile
EP1301910B1 (de) Verfahren zum absichern einer transaktion auf einem telekommunikationsnetzwerk und system zur durchführung des verfahrens
FR2748880A1 (fr) Message ameliore et procede correspondant de synchronisation et de securisation d'un echange de messages ameliores dans un systeme de radiocommunication cellulaire
EP1321005B1 (de) Verfahren zum laden von informationen auf einem identifizierungsmittel
CA2305034A1 (fr) Procede pour realiser lors d'une premiere operation autorisee par une premiere carte au moins une seconde operation
FR2785133A1 (fr) Procede d'acces a un serveur de service a partir d'une station mobile, module d'identification d'abonne et terminal correspondants

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE CH DE DK ES FI GB IT LI NL SE

PUAL Search report despatched

Free format text: ORIGINAL CODE: 0009013

AK Designated contracting states

Kind code of ref document: A3

Designated state(s): AT BE CH DE DK ES FI GB IT LI NL SE

17P Request for examination filed

Effective date: 19990917

17Q First examination report despatched

Effective date: 20000307

GRAH Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOS IGRA

RTI1 Title (correction)

Free format text: METHOD FOR SECURING THE USAGE OF A TERMINAL OF A CELLULAR RADIO COMMUNICATION SYSTEM AND TERMINAL THEREFOR

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: ALCATEL BUSINESS SYSTEMS

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): AT BE CH DE DK ES FI GB IT LI NL SE

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: NL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20031119

Ref country code: FI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20031119

Ref country code: AT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20031119

REG Reference to a national code

Ref country code: GB

Ref legal event code: FG4D

Free format text: NOT ENGLISH

REG Reference to a national code

Ref country code: CH

Ref legal event code: EP

REF Corresponds to:

Ref document number: 69630769

Country of ref document: DE

Date of ref document: 20031224

Kind code of ref document: P

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LI

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20031231

Ref country code: CH

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20031231

Ref country code: BE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20031231

RAP2 Party data changed (patent owner data changed or rights of a patent transferred)

Owner name: ALCATEL

GBT Gb: translation of ep patent filed (gb section 77(6)(a)/1977)

Effective date: 20040104

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20040219

Ref country code: DK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20040219

NLT2 Nl: modifications (of names), taken from the european patent patent bulletin

Owner name: ALCATEL

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: ES

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20040302

NLV1 Nl: lapsed or annulled due to failure to fulfill the requirements of art. 29p and 29m of the patents act
BERE Be: lapsed

Owner name: *ALCATEL

Effective date: 20031231

REG Reference to a national code

Ref country code: CH

Ref legal event code: PL

PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

26N No opposition filed

Effective date: 20040820

REG Reference to a national code

Ref country code: GB

Ref legal event code: 732E

REG Reference to a national code

Ref country code: GB

Ref legal event code: 732E

Free format text: REGISTERED BETWEEN 20090924 AND 20090930

REG Reference to a national code

Ref country code: GB

Ref legal event code: 732E

Free format text: REGISTERED BETWEEN 20120607 AND 20120613

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: GB

Payment date: 20151125

Year of fee payment: 20

Ref country code: IT

Payment date: 20151120

Year of fee payment: 20

Ref country code: DE

Payment date: 20151119

Year of fee payment: 20

REG Reference to a national code

Ref country code: DE

Ref legal event code: R071

Ref document number: 69630769

Country of ref document: DE

REG Reference to a national code

Ref country code: GB

Ref legal event code: PE20

Expiry date: 20161215

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: GB

Free format text: LAPSE BECAUSE OF EXPIRATION OF PROTECTION

Effective date: 20161215